Uploaded image for project: 'Fedora Repository Project'
  1. Fedora Repository Project
  2. FCREPO-2742

Section 5: Allow single-document ACLs using hash URIs for authorizations.

    Details

    • Type: Story
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: Fedora 5.0.0
    • Fix Version/s: Fedora 5.0.0
    • Component/s: f4-auth
    • Labels:

      Description

      Currently, Fedora requires ACLs to be structured as:
      a) an ACL container, with
      b) N LDP children, one for each authorization in the ACL

      This structure is not part of the SOLID spec, and may even be contrary to it. It needs to be possible to express an entire ACL as a document, rather than a multi-resource graph. This means supporting hash URIs for authorizations. ACLs that resemble the examples in the SOLID spec should be supported:

      @prefix acl: <http://www.w3.org/ns/auth/acl#>.
      <#authorization1>
      a acl:Authorization;
      acl:agent <https://alice.databox.me/profile/card#me>; # Alice's WebID
      acl:accessTo <https://alice.databox.me/docs/file1>;
      acl:mode
      acl:Read, acl:Write, acl:Control.

       

      The task here is as follows: 

      1. Ignore http://fedora.info/definitions/v4/webac#Acl type in the code.
      2. Modify the algorithm for collecting authorizations  so that all authorizations are read from the file pointed to by the rel=acl link associated with a resource.
        1. The task is to check at https://github.com/fcrepo4/fcrepo4/blob/master/fcrepo-auth-webac/src/main/java/org/fcrepo/auth/webac/WebACRolesProvider.java#L368 and modify the algorithm to get hash resources unless `FedoraResource.getChildren()` also gets hash URI children, in which case nevermind.

      Notes: https://gist.github.com/yinlinchen/13c9a3f2c0bdb8dc7cf06bf060f3c520 

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                dbernstein Danny Bernstein
                Reporter:
                birkland Aaron Birkland
                Reviewer:
                Peter Eichman
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: